At 11:42 AM 3/26/2004, Steve Thomas wrote:
I reject connections from machines using a HELO argument claiming to be our domain or our server's IP address. (exim 4.3)

I do this also, using Sendmail and MIMEDefang. We used to catch around 1000/day with this, but lately it's been in the 300-500 range. Presumably those spammers have either moved on to different tactics or ended up on one of the few blacklists we reject with. It's probably too much to hope that they've given up.


On a more useful note, this tactic requires a bit of finesse if you have roaming or remote users. Certain mail clients - like Eudora, which I'm using now - will use the local host name and the domain name of the email address to construct the HELO. So we see a lot of outgoing mail with HELOs like "myname.speed.net" despite the fact that myname.speed.net doesn't exist and the IP is in a dynamic Covad range.

So you need to make allowances for valid users by either skipping the HELO check for authenticated connections (or however you handle remote users), or by checking for specific hostnames that you control.


Kelson Vibber
SpeedGate Communications <www.speed.net>
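The policy the thread describes (reject a HELO that claims to be our own domain or our server's IP, but carve out authenticated sessions and hostnames we control so roaming clients such as the Eudora case above are not bounced) as an added worked example. This is illustration code, not the poster's Sendmail/MIMEDefang filter or an exim ACL; the domain, server IP and controlled hostnames are constructed sample values, and treating a host under our domain as "claiming to be us" is an assumption about how strict the check is.

```python
"""Added example of the HELO sanity check discussed in the thread.

Not code from the original post, exim, Sendmail or MIMEDefang.  Policy:
a peer that identifies itself as our domain (or a host under it, an
assumption) or as our server's IP address is rejected, unless the session
is authenticated or the HELO is one of a few hostnames we control.
OUR_DOMAIN, OUR_SERVER_IPS and CONTROLLED_HELO_NAMES are constructed values.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed sample values for illustration only.
OUR_DOMAIN = "example.net"
OUR_SERVER_IPS = {"192.0.2.25"}
# Hostnames we control and will accept from unauthenticated peers
# (a secondary MX, a fixed office gateway, ...); constructed.
CONTROLLED_HELO_NAMES = {"mx2.example.net", "office-gw.example.net"}


@dataclass
class Session:
    """Minimal view of an SMTP session: the HELO/EHLO argument and auth state."""
    helo: str
    authenticated: bool = False


def _ip_literal(helo: str) -> Optional[str]:
    """Return the normalised IP string if helo is a bare IP or a bracketed
    address literal such as [192.0.2.25] or [IPv6:::1]; otherwise None."""
    candidate = helo.strip()
    if candidate.startswith("[") and candidate.endswith("]"):
        candidate = candidate[1:-1]
        if candidate.lower().startswith("ipv6:"):
            candidate = candidate[5:]
    try:
        return str(ipaddress.ip_address(candidate))
    except ValueError:
        return None


def claims_to_be_us(helo: str) -> bool:
    """True if the HELO names our domain, a host under it, or one of our server IPs."""
    name = helo.strip().lower().rstrip(".")
    literal = _ip_literal(name)
    if literal is not None:
        return literal in OUR_SERVER_IPS
    return name == OUR_DOMAIN or name.endswith("." + OUR_DOMAIN)


def helo_verdict(session: Session) -> Tuple[str, str]:
    """Return (verdict, reason); verdict is 'accept' or 'reject'.

    Order matters: only a HELO that impersonates us is ever rejected, and
    authenticated sessions and controlled hostnames are exempted first,
    so a roaming user whose client builds 'myname.example.net' from the
    address still gets through once they authenticate.
    """
    name = session.helo.strip().lower().rstrip(".")
    if not claims_to_be_us(name):
        return "accept", "HELO does not claim to be us"
    if session.authenticated:
        return "accept", "authenticated session may use our hostname"
    if name in CONTROLLED_HELO_NAMES:
        return "accept", "HELO is a hostname we control"
    return "reject", f"HELO {session.helo!r} claims to be our domain or server"


if __name__ == "__main__":
    # Constructed sample sessions of the kinds the thread mentions.
    samples = [
        Session("example.net"),                          # forged, outside peer
        Session("[192.0.2.25]"),                         # forged, our own IP
        Session("myname.example.net"),                   # Eudora-style, not authed
        Session("myname.example.net", authenticated=True),  # same user, authed
        Session("mx2.example.net"),                      # host we control
        Session("mail.other.org"),                       # ordinary remote server
    ]
    for s in samples:
        verdict, reason = helo_verdict(s)
        print(f"{verdict:6} {s.helo:26} auth={s.authenticated!s:5} {reason}")
```

The exemptions are deliberately narrow: an allowlist of specific hostnames rather than "anything under our domain", because the latter would hand spammers the same loophole the check is meant to close.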

